[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2025-4517
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 4 20:06:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a08d79a by Salvatore Bonaccorso at 2025-07-04T21:06:01+02:00
Add reference for CVE-2025-4517
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9518,6 +9518,7 @@ CVE-2025-4517 (Allows arbitrary filesystem writes outside the extraction directo
- python3.9 <not-affected> (Vulnerable code got backported to 3.9.17, but dropped from sid with 3.9.13)
- python2.7 <not-affected> (Vulnerable code introduced in 3.12)
- jython <not-affected> (Vulnerable code introduced in 3.12)
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-hgqp-3mmf-7h8f
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a08d79a2cb01767de7061662046597ea1117130
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a08d79a2cb01767de7061662046597ea1117130
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250704/b91929eb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list